Thanks Tobias!! For a Quick clarification. Looks like i need to raise the issue with Juniper.
BR Sajal On Fri, Feb 13, 2015 at 4:44 PM, Tobias Brunner <[email protected]> wrote: > Hi Sajal, > > > Why SA negotiation is failing between Strongswan and Juniper. Juniper > > had already shared its Issuer Certificate(SubCA2) in IKE_INIT Message. > > No, what it sends in the CERTREQ payload during IKE_SA_INIT is a > certificate request for certificates issued by SubCA2. This payload > contains a SHA-1 hash of the issuer certificate's public key, not the > certificate. The intermediate CA certificate should be sent as CERT > payload during the IKE_AUTH exchange. > > Regards, > Tobias > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
